Azure-Sentinel/Tools/externaldata/auditlogs.yaml

externaldata(TenantId:string, SourceSystem:string, TimeGenerated:datetime, ResourceId:string, OperationName:string, OperationVersion:string, Category:string, ResultType:string, ResultSignature:string, ResultDescription:string, DurationMs:long, CorrelationId:string, Resource:string, ResourceGroup:string, ResourceProvider:string, Identity:string, Level:string, Location:string, AdditionalDetails:dynamic, Id:string, InitiatedBy:dynamic, LoggedByService:string, Result:string, ResultReason:string, TargetResources:dynamic, AADTenantId:string, ActivityDisplayName:string, ActivityDateTime:datetime, AADOperationType:string, Type:string)
[
  h@"https://STORAGEACCOUNTNAME.blob.core.windows.net/am-auditlogs/SASSIG"
]
with(format="json")